diff --git a/docker/docker-py3-kms-minimal/Dockerfile b/docker/docker-py3-kms-minimal/Dockerfile
index b8b2f3e..a4483d9 100644
--- a/docker/docker-py3-kms-minimal/Dockerfile
+++ b/docker/docker-py3-kms-minimal/Dockerfile
@@ -12,27 +12,23 @@ ENV HWID RANDOM
 ENV LOGLEVEL INFO
 ENV LOGFILE STDOUT
 ENV LOGSIZE ""
+ENV TYPE MINIMAL
 COPY ./py-kms /home/py-kms
-
+COPY docker/requirements_minimal.txt /home/py-kms/requirements.txt
 RUN apk add --no-cache --update \
- bash \
- git \
- py3-argparse \
- py3-flask \
- py3-pygments \
- python3-tkinter \
- sqlite-libs \
+bash \
+ python3 \
 py3-pip \
- tzdata \
+ python3-tkinter \
+ ca-certificates \
 shadow \
+ tzdata \
 netcat-openbsd \
- build-base python3-dev \
- && pip3 install --no-cache-dir peewee tzlocal pytz wheel dnspython \
- && apk del git build-base python3-dev \
+ && pip3 install --no-cache-dir -r /home/py-kms/requirements.txt \
 && addgroup power_users \
 && adduser -S py-kms -G users -s /bin/bash \
- && usermod -a -G power_users py-kms \
+ && usermod -aG power_users py-kms \
 && chown py-kms:users /home/py-kms \
 # Fix undefined timezone, in case the user did not mount the /etc/localtime
 && ln -sf /usr/share/zoneinfo/UTC /etc/localtime
diff --git a/docker/docker-py3-kms/Dockerfile b/docker/docker-py3-kms/Dockerfile
index 75630b0..501da5b 100644
--- a/docker/docker-py3-kms/Dockerfile
+++ b/docker/docker-py3-kms/Dockerfile
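Review bot: The new `pip3 install --no-cache-dir -r /home/py-kms/requirements.txt` step resolves whatever versions PyPI serves at build time and installs them as root, because the requirements file added later in this commit lists bare package names. The removed lines took flask and pygments from the distribution's `py3-*` packages, so this shifts part of the image's dependency trust to unpinned PyPI resolution and makes builds non-reproducible. Pin every entry (`name==<version>`), and ideally record hashes and install with `pip3 install --no-cache-dir --require-hashes -r /home/py-kms/requirements.txt`. The same applies to the matching line in docker/docker-py3-kms/Dockerfile.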
@@ -17,32 +17,26 @@ ENV LOGSIZE ""
 ENV TZ America/Chicago
 COPY py-kms /home/py-kms/
-
+COPY docker/requirements.txt /home/py-kms/
 RUN apk add --no-cache --update \
 bash \
- git \
 python3 \
- py3-argparse \
- py3-flask \
- py3-pygments \
+ py3-pip \
 python3-tkinter \
 sqlite-libs \
- py3-pip \
- build-base python3-dev \
 ca-certificates \
 tzdata \
 shadow \
+ sudo \
 netcat-openbsd \
- && git clone --branch master --depth 1 https://github.com/coleifer/sqlite-web.git /tmp/sqlite_web \
- && mv /tmp/sqlite_web/sqlite_web /home/ \
- && rm -rf /tmp/sqlite_web \
- && pip3 install --no-cache-dir peewee tzlocal pytz pysqlite3 wheel dnspython \
- && apk del git build-base python3-dev \
+ && pip3 install --no-cache-dir -r /home/py-kms/requirements.txt \
+ #&& apk del git build-base python3-dev \
 && mkdir /db/ \
 && addgroup power_users \
 && adduser -S py-kms -G users -s /bin/bash \
- && usermod -a -G power_users py-kms \
+ && usermod -aG power_users py-kms \
 && chown py-kms:users /home/py-kms \
+ && echo "py-kms ALL= NOPASSWD: /bin/usermod -u py-kms *" >/etc/sudoers.d/py-kms \
 # Fix undefined timezone, in case the user did not mount the /etc/localtime
 && ln -sf /usr/share/zoneinfo/UTC /etc/localtime
diff --git a/docker/entrypoint.py b/docker/entrypoint.py
index 25fef14..575e32c 100755
--- a/docker/entrypoint.py
+++ b/docker/entrypoint.py
@@ -9,6 +9,7 @@ import pwd
 import subprocess
 import sys
 import signal
+import time
 PYTHON3 = '/usr/bin/python3'
 dbPath = os.path.join(os.sep, 'home', 'py-kms', 'db') # Do not include the database file name, as we must correct the folder permissions (the db file is recursively reachable)
@@ -26,6 +27,9 @@ loggersrv.addHandler(streamhandler)
 def change_uid_grp():
+ if os.geteuid() != 0:
+ loggersrv.info(f'not root user, cannot change uid/gid.')
+ return None
 user_db_entries = pwd.getpwnam("py-kms")
 user_grp_db_entries = grp.getgrnam("power_users")
 uid = int(user_db_entries.pw_uid)
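Review bot: The sudoers rule written by `echo "py-kms ALL= NOPASSWD: /bin/usermod -u py-kms *" >/etc/sudoers.d/py-kms` ends in `*`, and a wildcard in a sudoers argument list matches any further arguments, so the unprivileged service account may run usermod as root with options well beyond a UID change. That largely cancels the privilege separation the image sets up with `adduser -S py-kms`. Prefer keeping UID/GID changes in the root phase of the entrypoint (entrypoint.py in this commit already skips them when not root) and dropping both `sudo` and this line; if the rule has to stay, spell out the exact arguments without a wildcard, create the file with mode 0440, and validate it during the build with `visudo -cf /etc/sudoers.d/py-kms`. Also confirm the binary path, since the rule only matches if usermod really lives at `/bin/usermod` in this image.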
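Review bot: The early return added to `change_uid_grp()` reports at INFO level that ownership was left unchanged, through an f-string that has no placeholders. Running without the uid/gid fix-up may leave the database directory with ownership the server cannot use, so the operator should see it as a warning: `loggersrv.warning('not root user, cannot change uid/gid.')` followed by a bare `return`. A one-line docstring saying the function is a no-op unless the process runs as root would document the new behaviour. The rest of the function body lies outside the hunk.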
@@ -64,11 +68,7 @@ def change_tz():
 # TZ is not symlinked and defined TZ exists
 if tz not in os.readlink('/etc/localtime') and os.path.isfile('/usr/share/zoneinfo/' + tz):
 loggersrv.info("Setting timzeone to %s" % tz )
- os.remove('/etc/localtime')
- os.symlink(os.path.join('/usr/share/zoneinfo/', tz), '/etc/localtime')
- f = open("/etc/timezone", "w")
- f.write(tz)
- f.close()
+ time.tzset()
 # Main
 if (__name__ == "__main__"):
diff --git a/docker/requirements.txt b/docker/requirements.txt
new file mode 100644
index 0000000..f5b6c76
--- /dev/null
+++ b/docker/requirements.txt
@@ -0,0 +1,6 @@
+argparse
+flask
+pygments
+dnspython
+tzlocal
+sqlite-web
\ No newline at end of file
diff --git a/docker/requirements_minimal.txt b/docker/requirements_minimal.txt
new file mode 100644
index 0000000..1edfc1c
--- /dev/null
+++ b/docker/requirements_minimal.txt
@@ -0,0 +1,5 @@
+argparse
+flask
+pygments
+dnspython
+tzlocal
\ No newline at end of file
diff --git a/docker/start.py b/docker/start.py
index 807906c..90de633 100644
--- a/docker/start.py
+++ b/docker/start.py
@@ -21,7 +21,8 @@ argumentVariableMapping = {
 }
 sqliteWebPath = '/home/sqlite_web/sqlite_web.py'
-enableSQLITE = os.path.isfile(sqliteWebPath) and os.environ.get('SQLITE', 'false').lower() == 'true'
+enableSQLITE = os.environ.get('SQLITE', 'false').lower() == 'true'
+enableSQLITE = os.getenv('TYPE') != 'MINIMAL'
 dbPath = os.path.join(os.sep, 'home', 'py-kms', 'db', 'pykms_database.db')
 log_level_bootstrap = log_level = os.getenv('LOGLEVEL', 'INFO')
 if log_level_bootstrap == "MININFO":
@@ -57,7 +58,7 @@ def start_kms():
 command.append(os.environ.get(env))
 if len(listen_ip) > 1:
 command.append("connect")
- for i in range(1,len(listen_ip)):
+ for i in range(1, len(listen_ip)):
 command.append("-n")
 command.append(listen_ip[i] + "," + listen_port)
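Review bot: `time.tzset()` only makes the calling process re-read the `TZ` environment variable, so after this change nothing updates `/etc/localtime` or `/etc/timezone`, yet the guard still compares `tz` with `os.readlink('/etc/localtime')` and the log line still announces that the timezone is being set. Because the link is no longer rewritten, the condition stays true on every start, and `os.readlink` would raise OSError if `/etc/localtime` is a regular file (for example when it is bind-mounted, as the Dockerfile comment anticipates). Consider reducing the test to `if os.path.isfile('/usr/share/zoneinfo/' + tz):` and rewording the message to say that `TZ` is applied to this process only. A short comment stating that child processes get their timezone from the inherited `TZ` variable would keep log timestamps predictable for whoever reads them later. `change_tz()` starts before the hunk.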
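Review bot: `argparse` should not be listed in docker/requirements.txt: it has been part of the Python standard library since 3.2, and the PyPI distribution of that name is an old backport, so installing it only adds an unneeded third-party package to the image. Remove the `argparse` line here and in docker/requirements_minimal.txt. It is also worth confirming that `pytz` and `peewee`, which the removed `pip3 install` lines named explicitly, are either unused or arrive as dependencies of the packages that remain.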
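Review bot: The second `enableSQLITE = ...` assignment overwrites the first, so the `SQLITE` environment variable no longer has any effect and the sqlite-web front end is started on every image whose `TYPE` is not `MINIMAL`, even when the operator left `SQLITE` unset or set it to `false`. That turns an opt-in database browser into one that is exposed by default. Combine the two conditions in a single assignment: `enableSQLITE = os.getenv('TYPE') != 'MINIMAL' and os.environ.get('SQLITE', 'false').lower() == 'true'`. `sqliteWebPath` appears to be unused after this change and could be removed in the same edit.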
@@ -74,7 +75,7 @@ def start_kms():
 if enableSQLITE:
 time.sleep(5) # The server may take a while to start
 start_kms_client()
- sqlite_cmd = [PYTHON3, '-u', '/home/sqlite_web/sqlite_web.py', '-H', listen_ip[0], '--read-only', '-x',
+ sqlite_cmd = ['sqlite_web', '-H', listen_ip[0], '--read-only', '-x',
 dbPath, '-p', sqlite_port]
 loggersrv.debug("sqlite_cmd: %s" % (" ".join(str(x) for x in sqlite_cmd).strip()))
@@ -95,6 +96,9 @@ def start_kms():
 # Main
 if (__name__ == "__main__"):
+ # Do not import for minimal
+ if os.getenv('TYPE', '') != "MINIMAL":
+ import sqlite_web
 loggersrv = logging.getLogger('logsrv')
 loggersrv.setLevel(log_level_bootstrap)
 streamhandler = logging.StreamHandler(sys.stdout)
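Review bot: The rewritten `sqlite_cmd` passes `--read-only` but no password option and binds the browser to `listen_ip[0]`, apparently the address the KMS service itself listens on, so anyone who can reach `sqlite_port` can read the database. sqlite-web supports `-P`/`--password` with the value taken from the `SQLITE_WEB_PASSWORD` environment variable; consider requiring it whenever the browser is enabled, or binding to loopback unless the operator opts in. The change also drops `PYTHON3` and `-u`, so the executable is now resolved through PATH and the child's output may be buffered before it reaches the container log. `start_kms()` begins and ends outside this hunk.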
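Review bot: `import sqlite_web` under `if os.getenv('TYPE', '') != "MINIMAL":` binds a name that nothing visible uses, since the browser is launched as a separate `sqlite_web` process; its only effect is to abort start.py with ImportError when the package is absent. It also keys off `TYPE`, which can be overridden at `docker run` time, rather than off what is installed, so the minimal image started with a different `TYPE` fails at this line. If a presence check is intended, make it explicit and non-fatal, for example `enableSQLITE = enableSQLITE and shutil.which('sqlite_web') is not None`, with a warning when the browser is disabled. That needs `import shutil` at the top of the file, and the `if __name__` block continues outside the hunk.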